Utilisation d'un Web Service en mode SSL (ws)
(→pour le certificat client) |
|||
Ligne 40 : | Ligne 40 : | ||
===pour le certificat client=== | ===pour le certificat client=== | ||
− | + | '''openssl.exe pkcs12 –in certificat_client_in.pfx –out certificat_client_out.pem''' | |
on doit obtenir ceci | on doit obtenir ceci | ||
− | Bag Attributes | + | Bag Attributes |
localKeyID: 72 26 7B 85 69 DB AC 6E CE DE 80 B7 2C 5F 96 D2 0C 53 35 8F | localKeyID: 72 26 7B 85 69 DB AC 6E CE DE 80 B7 2C 5F 96 D2 0C 53 35 8F | ||
friendlyName: Sage SSO Test Identity P (EC2) | friendlyName: Sage SSO Test Identity P (EC2) | ||
− | Key Attributes: <No Attributes> | + | Key Attributes: <No Attributes> |
− | -----BEGIN RSA PRIVATE KEY----- | + | -----BEGIN RSA PRIVATE KEY----- |
− | MIICWwIBAAKBgQCKv+CW6F6NyoIVdL+P9bbrYXJ0ZKNPyZg0W0TZYKSaD4xq736g | + | MIICWwIBAAKBgQCKv+CW6F6NyoIVdL+P9bbrYXJ0ZKNPyZg0W0TZYKSaD4xq736g |
− | 4paPUlS7PnkINtR2fXtvsBCoYviZ28a5rq4vAnaVH5FlNlKw8T9/FTQIEO9iuR0C | + | 4paPUlS7PnkINtR2fXtvsBCoYviZ28a5rq4vAnaVH5FlNlKw8T9/FTQIEO9iuR0C |
− | cNWlT3WeTYJRxuD642NDcxzJuYG1zebhCep5cM/LKR2tR+Bb3egXlmfCdQIDAQAB | + | cNWlT3WeTYJRxuD642NDcxzJuYG1zebhCep5cM/LKR2tR+Bb3egXlmfCdQIDAQAB |
− | AoGATmat2ZfkFergJo+ZzxbhDZA6xFo5jdQ0FSGdfdeGKyeuCJ7bxr1Cpim3hzZ9 | + | AoGATmat2ZfkFergJo+ZzxbhDZA6xFo5jdQ0FSGdfdeGKyeuCJ7bxr1Cpim3hzZ9 |
− | 3Y5d77ZoEWxDfWKvZwExAasa8Mxirh91B5H2Q+JS02eQPBald583BiolYKjuWrdR | + | 3Y5d77ZoEWxDfWKvZwExAasa8Mxirh91B5H2Q+JS02eQPBald583BiolYKjuWrdR |
− | CXGVZo5xDt2beuNCwndQvUdfLlLQeKYtpUrBjcvDIgFRO+ECQQDkP2WxF9cwqvnN | + | CXGVZo5xDt2beuNCwndQvUdfLlLQeKYtpUrBjcvDIgFRO+ECQQDkP2WxF9cwqvnN |
− | z69Y33W1CoDHRZbhj551ND66OC0TYisXBGAuymbfAr/8eIEr5D+NodqWWcJhOVXf | + | z69Y33W1CoDHRZbhj551ND66OC0TYisXBGAuymbfAr/8eIEr5D+NodqWWcJhOVXf |
− | dPO6ebXzAkEAm56yNagENnKjjpGP9EW5odefKTWs65selucJmC+JgFj7rskzImeQ | + | dPO6ebXzAkEAm56yNagENnKjjpGP9EW5odefKTWs65selucJmC+JgFj7rskzImeQ |
− | YIM7++HRBHwYByKUHXpzVP2uIpyiFhY39wJAP317FhXhoAIPVrasufX+0gtH4yZy | + | YIM7++HRBHwYByKUHXpzVP2uIpyiFhY39wJAP317FhXhoAIPVrasufX+0gtH4yZy |
− | X/AJTeTohfhWYYvvHIn1D07x6prjOKF0nPbyzrz1BtmU/mJqhqwLmBV/DQJAc4t9 | + | X/AJTeTohfhWYYvvHIn1D07x6prjOKF0nPbyzrz1BtmU/mJqhqwLmBV/DQJAc4t9 |
− | HkHF/vdXYT/K9r/eeMA0ONDVt4nRSJH6mbiSC24GUVyqTt0+YaqPGxIrs3zACmwu | + | HkHF/vdXYT/K9r/eeMA0ONDVt4nRSJH6mbiSC24GUVyqTt0+YaqPGxIrs3zACmwu |
− | NUT55R0F8kUCRAvzOQJATQ4h4D03xPgHlyh75qIPRmda+ShoV0UROI/bF7KRstVY | + | NUT55R0F8kUCRAvzOQJATQ4h4D03xPgHlyh75qIPRmda+ShoV0UROI/bF7KRstVY |
− | AFTC4VkU1qTIZNzUWjBl19OkD6aLN6E71f4KuAyuog== | + | AFTC4VkU1qTIZNzUWjBl19OkD6aLN6E71f4KuAyuog== |
− | -----END RSA PRIVATE KEY----- | + | -----END RSA PRIVATE KEY----- |
− | Bag Attributes | + | Bag Attributes |
− | + | localKeyID: 72 26 7B 85 69 DB AC 6E CE DE 80 B7 2C 5F 96 D2 0C 53 35 8F | |
− | + | friendlyName: Sage SSO Test Identity P (EC2) | |
− | subject=/C=United Kingdom/O=Sage (UK) Limited/CN=webappp.sagessdp.com | + | subject=/C=United Kingdom/O=Sage (UK) Limited/CN=webappp.sagessdp.com |
− | issuer=/C=United Kingdom/O=Sage (UK) Limited/CN=Sage SSO Identity Root (EC2) | + | issuer=/C=United Kingdom/O=Sage (UK) Limited/CN=Sage SSO Identity Root (EC2) |
− | -----BEGIN CERTIFICATE----- | + | -----BEGIN CERTIFICATE----- |
− | MIICyTCCAjKgAwIBAgIQZV6oewOPcJJLyELdjc/oCDANBgkqhkiG9w0BAQUFADBc | + | MIICyTCCAjKgAwIBAgIQZV6oewOPcJJLyELdjc/oCDANBgkqhkiG9w0BAQUFADBc |
− | MRcwFQYDVQQGEw5Vbml0ZWQgS2luZ2RvbTEaMBgGA1UECgwRU2FnZSAoVUspIExp | + | MRcwFQYDVQQGEw5Vbml0ZWQgS2luZ2RvbTEaMBgGA1UECgwRU2FnZSAoVUspIExp |
− | bWl0ZWQxJTAjBgNVBAMMHFNhZ2UgU1NPIElkZW50aXR5IFJvb3QgKEVDMikwHhcN | + | bWl0ZWQxJTAjBgNVBAMMHFNhZ2UgU1NPIElkZW50aXR5IFJvb3QgKEVDMikwHhcN |
− | MTAwMzAzMDAwMDAwWhcNMTMwMzAzMDAwMDAwWjBUMRcwFQYDVQQGEw5Vbml0ZWQg | + | MTAwMzAzMDAwMDAwWhcNMTMwMzAzMDAwMDAwWjBUMRcwFQYDVQQGEw5Vbml0ZWQg |
− | S2luZ2RvbTEaMBgGA1UECgwRU2FnZSAoVUspIExpbWl0ZWQxHTAbBgNVBAMMFHdl | + | S2luZ2RvbTEaMBgGA1UECgwRU2FnZSAoVUspIExpbWl0ZWQxHTAbBgNVBAMMFHdl |
− | YmFwcHAuc2FnZXNzZHAuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCK | + | YmFwcHAuc2FnZXNzZHAuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCK |
− | v+CW6F6NyoIVdL+P9bbrYXJ0ZKNPyZg0W0TZYKSaD4xq736g4paPUlS7PnkINtR2 | + | v+CW6F6NyoIVdL+P9bbrYXJ0ZKNPyZg0W0TZYKSaD4xq736g4paPUlS7PnkINtR2 |
− | fXtvsBCoYviZ28a5rq4vAnaVH5FlNlKw8T9/FTQIEO9iuR0CcNWlT3WeTYJRxuD6 | + | fXtvsBCoYviZ28a5rq4vAnaVH5FlNlKw8T9/FTQIEO9iuR0CcNWlT3WeTYJRxuD6 |
− | 42NDcxzJuYG1zebhCep5cM/LKR2tR+Bb3egXlmfCdQIDAQABo4GTMIGQMIGNBgNV | + | 42NDcxzJuYG1zebhCep5cM/LKR2tR+Bb3egXlmfCdQIDAQABo4GTMIGQMIGNBgNV |
− | HSMEgYUwgYKAFDiqRVtx74Up9IYm31a12OhUrRtVoWCkXjBcMRcwFQYDVQQGEw5V | + | HSMEgYUwgYKAFDiqRVtx74Up9IYm31a12OhUrRtVoWCkXjBcMRcwFQYDVQQGEw5V |
− | bml0ZWQgS2luZ2RvbTEaMBgGA1UECgwRU2FnZSAoVUspIExpbWl0ZWQxJTAjBgNV | + | bml0ZWQgS2luZ2RvbTEaMBgGA1UECgwRU2FnZSAoVUspIExpbWl0ZWQxJTAjBgNV |
− | BAMMHFNhZ2UgU1NPIElkZW50aXR5IFJvb3QgKEVDMimCCAwZpjuJQDU2MA0GCSqG | + | BAMMHFNhZ2UgU1NPIElkZW50aXR5IFJvb3QgKEVDMimCCAwZpjuJQDU2MA0GCSqG |
− | SIb3DQEBBQUAA4GBAEuqnO78EANjZT/DfZU124DvRy/r+L1hZ3Et7a62wnHjDgAX | + | SIb3DQEBBQUAA4GBAEuqnO78EANjZT/DfZU124DvRy/r+L1hZ3Et7a62wnHjDgAX |
− | zKS3irZvzDOELYoXB5nkd4MMjCcy9F0jCZ2WfIWCS7D5LGrLLKcTKu5lKsArADKG | + | zKS3irZvzDOELYoXB5nkd4MMjCcy9F0jCZ2WfIWCS7D5LGrLLKcTKu5lKsArADKG |
− | LzFrcDP6Y2djoToTgXWkQ6GDRu2uaOpQ/ZVWBY/qr0RKf1Fye1dAEyspPwhC | + | LzFrcDP6Y2djoToTgXWkQ6GDRu2uaOpQ/ZVWBY/qr0RKf1Fye1dAEyspPwhC |
− | -----END CERTIFICATE----- | + | -----END CERTIFICATE----- |
− | + | ||
− | Extraire -----BEGIN RSA PRIVATE KEY----- ....-----END RSA PRIVATE KEY----- dans un fichier ==> c'est la clef privée | + | Extraire -----BEGIN RSA PRIVATE KEY----- ....-----END RSA PRIVATE KEY----- dans un fichier ==> '''c'est la clef privée''' |
− | Extraire -----BEGIN CERTIFICATE----- ...-----END CERTIFICATE----- dans un fichier ==> c'est le certificat client | + | Extraire -----BEGIN CERTIFICATE----- ...-----END CERTIFICATE----- dans un fichier ==> '''c'est le certificat client''' |
Version du 4 juin 2010 à 11:54
Sommaire |
Présentation
Paramétrage
La couche internet utilisée exige les certificats au format "pem".
Il s'agit convertir le certificat serveur et le certificat client.
Pour le certificat racine
openssl.exe pkcs12 –in certificat_racine_in.pfx –out certificat_racine_out.pem
on doit obtenir ceci
BEGIN CERTIFICATE-----
MIICvjCCAiegAwIBAgIJAK5PRnaJPY2KMA0GCSqGSIb3DQEBBQUAMFwxFzAVBgNV BAYTDlVuaXRlZCBLaW5nZG9tMRowGAYDVQQKDBFTYWdlIChVSykgTGltaXRlZDEl MCMGA1UEAwwcU2FnZSBTU08gSWRlbnRpdHkgUm9vdCAoRUMyKTAeFw0xMDAzMDMw MDAwMDBaFw0xMzAzMDMwMDAwMDBaMFAxFzAVBgNVBAYTDlVuaXRlZCBLaW5nZG9t MRowGAYDVQQKDBFTYWdlIChVSykgTGltaXRlZDEZMBcGA1UEAwwQc3NvLnNhZ2Vz c2RwLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnmVjDSzjEQSir0T7 GlUmRJWiUzB3yqCYv1czu5h71/FOjVTrrzN33fNfgzdywubAqgvzvKfkCpzRGZR6 Ls8GlKy/jJQZoCbXgcxedEFM0QJYYB8gBYuUQWYxpck4C0VTLHOHyxppTRZ/5bNW ubjSL/nk/QBrO7ZlLHomLXi9HDsCAwEAAaOBkzCBkDCBjQYDVR0jBIGFMIGCgBQ4 qkVbce+FKfSGJt9WtdjoVK0bVaFgpF4wXDEXMBUGA1UEBhMOVW5pdGVkIEtpbmdk b20xGjAYBgNVBAoMEVNhZ2UgKFVLKSBMaW1pdGVkMSUwIwYDVQQDDBxTYWdlIFNT TyBJZGVudGl0eSBSb290IChFQzIpgggMGaY7iUA1NjANBgkqhkiG9w0BAQUFAAOB gQAGIaJVvO0gQhT6ZpEaEU8+HzaNcB8nKVOKJzz0/j8+X72nz5Zb4w57LdBS+sA6 xNxbH02aPMAbFKTy1suDani9ax5JET7jcXt8FuccUQZxaYc8Pu5ZF2F1Oi0Sw+hD jbIssjPvheIN3O6Yi+mRbSzJh/rX5IRBjEocx/BF1xP/mA==
END CERTIFICATE-----
==>c'est le certificat racine
pour le certificat client
openssl.exe pkcs12 –in certificat_client_in.pfx –out certificat_client_out.pem
on doit obtenir ceci
Bag Attributes localKeyID: 72 26 7B 85 69 DB AC 6E CE DE 80 B7 2C 5F 96 D2 0C 53 35 8F friendlyName: Sage SSO Test Identity P (EC2) Key Attributes: <No Attributes> -----BEGIN RSA PRIVATE KEY----- MIICWwIBAAKBgQCKv+CW6F6NyoIVdL+P9bbrYXJ0ZKNPyZg0W0TZYKSaD4xq736g 4paPUlS7PnkINtR2fXtvsBCoYviZ28a5rq4vAnaVH5FlNlKw8T9/FTQIEO9iuR0C cNWlT3WeTYJRxuD642NDcxzJuYG1zebhCep5cM/LKR2tR+Bb3egXlmfCdQIDAQAB AoGATmat2ZfkFergJo+ZzxbhDZA6xFo5jdQ0FSGdfdeGKyeuCJ7bxr1Cpim3hzZ9 3Y5d77ZoEWxDfWKvZwExAasa8Mxirh91B5H2Q+JS02eQPBald583BiolYKjuWrdR CXGVZo5xDt2beuNCwndQvUdfLlLQeKYtpUrBjcvDIgFRO+ECQQDkP2WxF9cwqvnN z69Y33W1CoDHRZbhj551ND66OC0TYisXBGAuymbfAr/8eIEr5D+NodqWWcJhOVXf dPO6ebXzAkEAm56yNagENnKjjpGP9EW5odefKTWs65selucJmC+JgFj7rskzImeQ YIM7++HRBHwYByKUHXpzVP2uIpyiFhY39wJAP317FhXhoAIPVrasufX+0gtH4yZy X/AJTeTohfhWYYvvHIn1D07x6prjOKF0nPbyzrz1BtmU/mJqhqwLmBV/DQJAc4t9 HkHF/vdXYT/K9r/eeMA0ONDVt4nRSJH6mbiSC24GUVyqTt0+YaqPGxIrs3zACmwu NUT55R0F8kUCRAvzOQJATQ4h4D03xPgHlyh75qIPRmda+ShoV0UROI/bF7KRstVY AFTC4VkU1qTIZNzUWjBl19OkD6aLN6E71f4KuAyuog== -----END RSA PRIVATE KEY----- Bag Attributes localKeyID: 72 26 7B 85 69 DB AC 6E CE DE 80 B7 2C 5F 96 D2 0C 53 35 8F friendlyName: Sage SSO Test Identity P (EC2) subject=/C=United Kingdom/O=Sage (UK) Limited/CN=webappp.sagessdp.com issuer=/C=United Kingdom/O=Sage (UK) Limited/CN=Sage SSO Identity Root (EC2) -----BEGIN CERTIFICATE----- MIICyTCCAjKgAwIBAgIQZV6oewOPcJJLyELdjc/oCDANBgkqhkiG9w0BAQUFADBc MRcwFQYDVQQGEw5Vbml0ZWQgS2luZ2RvbTEaMBgGA1UECgwRU2FnZSAoVUspIExp bWl0ZWQxJTAjBgNVBAMMHFNhZ2UgU1NPIElkZW50aXR5IFJvb3QgKEVDMikwHhcN MTAwMzAzMDAwMDAwWhcNMTMwMzAzMDAwMDAwWjBUMRcwFQYDVQQGEw5Vbml0ZWQg S2luZ2RvbTEaMBgGA1UECgwRU2FnZSAoVUspIExpbWl0ZWQxHTAbBgNVBAMMFHdl YmFwcHAuc2FnZXNzZHAuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCK v+CW6F6NyoIVdL+P9bbrYXJ0ZKNPyZg0W0TZYKSaD4xq736g4paPUlS7PnkINtR2 fXtvsBCoYviZ28a5rq4vAnaVH5FlNlKw8T9/FTQIEO9iuR0CcNWlT3WeTYJRxuD6 42NDcxzJuYG1zebhCep5cM/LKR2tR+Bb3egXlmfCdQIDAQABo4GTMIGQMIGNBgNV HSMEgYUwgYKAFDiqRVtx74Up9IYm31a12OhUrRtVoWCkXjBcMRcwFQYDVQQGEw5V bml0ZWQgS2luZ2RvbTEaMBgGA1UECgwRU2FnZSAoVUspIExpbWl0ZWQxJTAjBgNV BAMMHFNhZ2UgU1NPIElkZW50aXR5IFJvb3QgKEVDMimCCAwZpjuJQDU2MA0GCSqG SIb3DQEBBQUAA4GBAEuqnO78EANjZT/DfZU124DvRy/r+L1hZ3Et7a62wnHjDgAX zKS3irZvzDOELYoXB5nkd4MMjCcy9F0jCZ2WfIWCS7D5LGrLLKcTKu5lKsArADKG LzFrcDP6Y2djoToTgXWkQ6GDRu2uaOpQ/ZVWBY/qr0RKf1Fye1dAEyspPwhC -----END CERTIFICATE-----
Extraire -----BEGIN RSA PRIVATE KEY----- ....-----END RSA PRIVATE KEY----- dans un fichier ==> c'est la clef privée
Extraire -----BEGIN CERTIFICATE----- ...-----END CERTIFICATE----- dans un fichier ==> c'est le certificat client
Whos here now: Members 0 Guests 0 Bots & Crawlers 1 |